Tech companies, governments, and international agencies have all announced measures to help contain the spread of the COVID-19, otherwise known as the Coronavirus.
Some of these measures impose severe restrictions on people’s freedoms, including to their privacy and other human rights. Unprecedented levels of surveillance, data exploitation, and misinformation are being tested across the world.
Many of those measures are based on extraordinary powers, only to be used temporarily in emergencies. Others use exemptions in data protection laws to share data.
Some may be effective and based on advice from epidemiologists, others will not be. But all of them must be temporary, necessary, and proportionate.
It is essential to keep track of them. When the pandemic is over, such extraordinary measures must be put to an end and held to account.
This page will be updated as measures are reported.
This is a collective project led by PI alongside its global Network. But we also need your help. If you know of an example we can add and track, please contact us with an open source link, at https://privacyinternational.org/contact.
Data can be essential and useful at various stages of a pandemic and public health emergency. It can also feed intelligence and policing, being highly useful for enforcement. Finally, it can be valuable for commercial exploitation. The challenge before us now is which of these do we prioritise in specific settings.
Quarantining is a significant interference with rights, which is why it is only recommended to be done under the advisement of health professionals. Using tech and data to do this can be particularly problematic.
Shortly after launch, security researcher Baptiste Robert discovered that India's contact tracing app, Aarogya Setu ("Health Bridge"), allows users to spoof their GPS location, find out how many people reported themselves as infected within any 500-metre radius, and mount a triangulation attack to
After a call from a vendor, India's state-owned Broadcast Engineering Consultants Limited (BECIL) put out an expression of interest for electronic bracelets and accompanying software for use to ensure that COVID-19 patients do not violate their quarantine orders. A hundred companies responded. BECIL
A security lapse exposed one of the core databases of the coronavirus self-test symptom checker app launched by India's largest cellphone network, Jio, shortly before the government lockdown began in late March. The database, which had no password protection and contained millions of logs and
The Indian authorities have said that the country's contact-tracing app, Aarogya Setu ("health bridge", in Sanskrit), will be voluntary - but mandatory for federal government employees, food delivery workers, and some other service providers. It may also be needed to access public transport and
The Israeli company Cellebrite, best known for providing hacking software to help law enforcement agencies get inside suspects' iPhones, is now pitching its technology to help authorities pull the location data and contacts off the phones of newly-diagnosed COVID-19 patients in order to "quarantine
The Internet Freedom Foundation has sent a legal notice to the Broadcast Engineering Consultants India, Limited (BECIL), a public sector undertaking under the Ministry of Information and Broadcasting, calling on the organisation to modify a tender seeing procurement of a "Personnel Tracking GPS
Our partners from the Centre for Internet & Society in India wonder themselves whether the use of an official chatbot to advance ‘right information’ is the most efficient way to handle misinformation?. In a recent example, a ministry released advisories on how homeopathy can prevent the coronavirus
India's COVID-19 tracker app, Aarogya Setu, was downloaded 50 million times in the first 13 days it was available. Developed by the National Informatics Centre a subsidiary of the Ministry of Electronics and IT, the app is available on both Android and iOS smartphones, and uses GPS and Bluetooth to
The State Disaster Management Authority of the Indian state of Andhra Pradesh, in collaboration with other government agencies, is developing tools to track the travel history of people who have tested positive for the novel coronavirus and those who are under quarantine at home. The COVID alerting
Learning from countries like South Korea, government of the Indian state Karnataka has assigned its ten-member COVID-19 task force, which includes IAS officers with expertise in the fields of technology, medicine and healthcare, to develop a system to the approximately 40,000 people who visited
The computer science department at IIT-Bombay has sent two proposals for mobile applications that can track quarantine violators to a variety of Indian public authorities including officials in the Ministry of Human Resource and Development, the Maharashtra state government, and the Brihanmumbai
On the second day of India's nationwide shutdown due to the COVID-19 outbreak, the Karnataka government published the home addresses of quarantined residents, as a deterrent to breaking the rules. The list included individuals who had flown in from a foreign country and been asked to stay indoors
The Indian medical AI start-up Qure.ai has released qScout, an AI-powered "virtual care platform". Intended to help governments, hospitals, and clinics, the qScout app is meant to identify high-risk individuals, assist with contact tracing, facilitate remote triage, read chest X-rays to identify
India has begun stamping the hands of people arriving at airports in the states of Maharashtra and Karnataka to specify the date until which they must remain in quarantine. The government is also using airline and railway reservation data to track suspected infections and find hand-stamped people
The Mumbai police have been asked by the civic governing body to track the movements of people arriving at Mumbai airport through the GPS location of their phones. Arrivals at the airport in Mumbai are also being stamped with “Proud to protect Mumbaikars. Home quarantined” with the date until which